Filtered by vendor Tenda
Subscribe
Total
1831 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15253 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda M3 1.0.0.13(4903). The impacted element is an unknown function of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15252 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-15232 | 1 Tenda | 2 M3, M3 Firmware | 2026-01-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-67073 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2026-01-02 | N/A | 9.8 CRITICAL |
| A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan. | |||||
| CVE-2025-67074 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2026-01-02 | N/A | 6.5 MEDIUM |
| A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan. | |||||
| CVE-2025-15356 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-14992 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-14993 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. | |||||
| CVE-2025-14995 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-14994 | 1 Tenda | 4 Fh1201, Fh1201 Firmware, Fh1206 and 1 more | 2025-12-31 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14(408)/1.2.0.8(8155). This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. | |||||
| CVE-2025-15010 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/SafeUrlFilter. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15007 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-15180 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-15179 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-15178 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-15177 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15163 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability was identified in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-15160 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability has been found in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/PPTPServer. Such manipulation of the argument ip1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15046 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation of the argument netmsk leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15045 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2025-12-30 | 10.0 HIGH | 9.8 CRITICAL |
| A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. | |||||